CVE-2023-2979

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-2979
A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211.

8.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 Release Notes
https://vuldb.com/?ctiid.230211 Permissions Required Third Party Advisory VDB Entry
https://vuldb.com/?id.230211 Permissions Required Third Party Advisory VDB Entry
https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:abstrium:pydio_cells:4.2.0:*:*:*:*:*:*:*
History

02 Nov 2023, 02:31

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8 		v2 : unknown
v3 : 8.8
CWE NVD-CWE-noinfo
References (MISC) https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be - (MISC) https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be - Exploit, Third Party Advisory

23 Oct 2023, 08:15

Type Values Removed Values Added
CWE CWE-284
References
  • (MISC) https://popalltheshells.medium.com/multiple-cves-affecting-pydio-cells-4-2-0-321e7e4712be -
Summary A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211.

05 Jun 2023, 18:03

Type Values Removed Values Added
References (MISC) https://vuldb.com/?id.230211 - (MISC) https://vuldb.com/?id.230211 - Permissions Required, Third Party Advisory, VDB Entry
References (MISC) https://vuldb.com/?ctiid.230211 - (MISC) https://vuldb.com/?ctiid.230211 - Permissions Required, Third Party Advisory, VDB Entry
References (MISC) https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 - (MISC) https://pydio.com/en/community/releases/pydio-cells/pydio-cells-enterprise-421 - Release Notes
First Time Abstrium pydio Cells
Abstrium
CPE cpe:2.3:a:abstrium:pydio_cells:4.2.0:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 9.8

30 May 2023, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-30 14:15

Updated : 2024-05-17 02:23

NVD link : CVE-2023-2979

Mitre link : CVE-2023-2979

JSON object : View

Products Affected

abstrium

  • pydio_cells
CWE
NVD-CWE-noinfo